Adam,
You will find below one of my previous posts regarding PPTP to secure a
WLAN connection using OPT1 (external Access Point). The OPT1 is on a
10.112.x.x subnet. It's very easy to set up. You may want to replace
OPT1 with your WLAN card.
As soon as the user authenticates, he gets a virtual IP address within
the LAN subnet so I don't have to set up any static route. The only rules
I used are:
--> for OPT1 : (this is here to only allow PPTP traffic)
GRE * * * *
TCP * * * 1723
--> for PPTP
* * * * *
The other settings are :
INTERFACES
LAN : 192.168.0.10/24
WAN : DHCP
OPT1 : bridge:none
ip address : 10.112.0.1/24
RULES
PPTP clients
* * * * *
OPT1 interface
GRE * * * *
TCP * * * 1723
LAN * * * * *
SERVICES : DHCP
- LAN 192.168.0.1 to 192.168.0.9
- OPT1 10.112.0.2 to 10.112.0.10
VPN : PPTP
Enable : yes
Server address : 192.168.0.200
Remote address range : 192.168.0.208
VPN: PPTP: User
....
Under Windows, you can create a PPTP account (new network connection with
the same login/password).
I hope this will help you. This was really easy to set up so you should
give it a try.
Dany
Adam Nellemann wrote:
> Hi,
>
> Chad R. Larson wrote:
>
>> At 07:24 PM 2/7/2004, Adam Nellemann wrote:
>>
>>> Also, aside from using WEP, is there any other way to increase
>>> wireless security in m0n0wall? (Seeing as neither MAC filtering,
>>> Shared WEP access nor SSID broadcast disable is available.)
>>
>>
>>
>> Sure. Run PPoE over the wireless link. Or use SSH with port
>> forwarding. Either would get you strong encryption with
>> authentication, and allow you to remove WEP (and the key management
>> headaches) altogether.
>
>
> Thanks for your reply!
>
> I might be missing the point here(?) but what I want is better
> security on my WiFi link (between m0n0wall and my PCs), while still
> using the internet over this link as "normal" (ie. for IMAP, SMTP,
> HTTP, FTP etc.)
>
> If this can be done the way you suggest (ie. somehow tunneling
> everything through SSH and/or PPoE) I'd love to hear how I set this up
> on m0n0wall (and Win2k if you know how)?
>
> I was under the impression (but could easily be wrong?) that SSH was
> used with specific types of connection, and that PPoE was mainly used
> by some ISPs for their dsl/cable customers. (My ISP uses DHCP, but will
> always assign the same static IP to me, probably so they can change
> nameservers easily?)
>
>
> Regards,
>
> Adam.
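An added example (not part of the original post and not m0n0wall code): a Python sketch that models the OPT1 pass rules Dany lists as first-match with default deny, and checks that the PPTP server address and client range sit inside the LAN subnet without colliding with the LAN DHCP pool. The default-deny behaviour, the /28 width of the remote address range, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Pass rules on the wireless (OPT1) interface, as listed in the post.
# Default deny for anything unmatched is an assumption of this sketch.
OPT1_RULES = [
    {"proto": "gre", "dport": None},  # GRE * * * *
    {"proto": "tcp", "dport": 1723},  # TCP * * * 1723
]

@dataclass
class Packet:
    proto: str
    dst: str
    dport: Optional[int] = None

# Constructed sample traffic arriving on OPT1 (not captured data).
SAMPLE = [
    Packet("gre", "10.112.0.1"),
    Packet("tcp", "10.112.0.1", 1723),
    Packet("tcp", "192.0.2.80", 80),
    Packet("udp", "10.112.0.1", 53),
    Packet("icmp", "192.168.0.10"),
]

def opt1_allows(pkt):
    """First-match evaluation of the OPT1 pass rules; default deny."""
    return any(r["proto"] == pkt.proto and r["dport"] in (None, pkt.dport)
               for r in OPT1_RULES)

def check_address_plan(lan, dhcp_first, dhcp_last, server, remote_range):
    """Return problems found with the PPTP server/client addresses."""
    lan_net = ipaddress.ip_interface(lan).network
    lo, hi = (int(ipaddress.ip_address(a)) for a in (dhcp_first, dhcp_last))
    problems = []
    for addr in [ipaddress.ip_address(server), *ipaddress.ip_network(remote_range)]:
        if addr not in lan_net:
            problems.append(f"{addr} is outside {lan_net}")
        if lo <= int(addr) <= hi:
            problems.append(f"{addr} collides with the DHCP pool")
    return problems

if __name__ == "__main__":
    print([(p.proto, p.dport, opt1_allows(p)) for p in SAMPLE])
    # Values from the post; the /28 width of the remote range is assumed.
    print(check_address_plan("192.168.0.10/24", "192.168.0.1", "192.168.0.9",
                             "192.168.0.200", "192.168.0.208/28"))
```

With the addresses from the post the plan check returns an empty list, and only the GRE and TCP/1723 packets pass the wireless interface.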